DORA overview
DORA is an EU regulation passed in 2022. Its aim is to fortify financial infrastructure in the EU against cyber security threats and risks, and to improve the outlook for business continuity across the EU economy.
The Act recognises that risk is not contained within financial-sector entities. Risk is spread along the digital supply chain and involves hardware, software and services used by financial-sector entities. Weaknesses in any part of the financial ecosystem could threaten the economy, or nations and subsectors within it. Under DORA, responsibility starts with financial services organisations: they must now identify all the organisations in their ICT supply chain and ensure that they, and even third-party suppliers, understand and comply, in appropriate measure, with the requirements of DORA.
Financial organisations are spearheading the change. They will require their suppliers to change practices and/or update contracts. To keep or win business from financial-sector entities, ICT organisations will need to revise their practices and demonstrate compliance. Training will help you anticipate and prepare for new ways of working.
Threats are real, and DORA has arisen from a backdrop of cyber security and privacy breaches in critical national infrastructure, including attacks on central banks. The financial crash of 2008 highlighted that risk is hard to contain. While DORA has commercial implications for organisations, it has wider implications for national security and international stability. Open banking and innovation in finance are giving more choice and convenient ways of paying, saving and borrowing. DORA is there to safeguard us all in the light of new freedoms opened up by technology. New levels of awareness, collaboration and coordination are emerging, and DORA is driving a new sense of accountability for all involved.
Sign up for email alerts about cyber security
Who needs DORA training?
Financial services entities
While the regulatory spotlight is on financial services entities, DORA is about mitigating risk across the digital supply chain. It impacts a wide range of financial services entities including lenders, investors, insurers, payment institutions, and others.
Internal business functions
All these financial entities, if operating in the EU, are required to identify all their ICT-supported business functions. This must be done in detail – listing the roles and responsibilities of individuals and all their dependencies in relation to ICT risk. Legal, compliance, IT and customer services functions are likely to be affected, and responsible individuals in each will need to gain at least a working knowledge of DORA to fulfil their roles competently. The remits of many different role-holders are expanding to encompass DORA. Our training courses help role-holders upskill in a timely and engaging way.
ICT service providers
ICT stands for information and communications technology. It is a term used in other EU regulations such as PSD2 (Payment Services Directive) and NIS2. It covers ICT suppliers like Microsoft and Google, as well as small businesses supporting financial services organisations.
Demonstrating DORA compliance in your systems, processes and customer contracts will help you retain key financial services customers and win new business.
Audit and compliance professionals
For those working as auditors for key cyber security-, IT- or financial services-related standards, and those working as compliance consultants, training provides you with the understanding, qualifications and credibility to expand your remit to include DORA. Our training courses help you quickly build on your existing skills and knowledge to incorporate DORA compliance.
Information security and cyber security technical specialists
If you are involved in building, maintaining or testing your networks and IT infrastructure, then you play a vital role in terms of DORA compliance. The regulation specifies that regular resilience testing is essential and that any identified risks or breaches need to be dealt with systematically. Understanding how your role fits into the financial services and IT sectors and plays a part in protecting the EU economy will help you act faster and smarter in alignment with prescribed procedures. Your skill sets are becoming increasingly critical. Becoming DORA-proficient and nurturing your own professional development can bring greater meaning and motivation to your career.
Free brochure: DORA training courses for organisations and specialist consultants
Organisations in scope for DORA need reliable consultants, compliance experts, auditors and security services such as penetration testing and ethical hacking. DORA training equips consultants to serve this market. Certifications will help you stand out from untrained advisers and provide your services when they are needed most. Find out about the courses on offer for your role.
Download now
Beat the deadline
DORA is now effective in EU law, and all those in scope need to demonstrate compliance before January 2025. It takes time to adjust or create systems, test them and be confident in them, and longer still to ensure that third-party suppliers are also up to date and in line with DORA.
Training will help you compress the lead time from awareness to verified compliance. Starting early is a risk-reduction strategy in itself, and every organisation affected by DORA will need to plan to maintain staff awareness and DORA competencies in all the relevant business functions – achieving compliance is contingent upon having robust plans to have DORA-competent staff to maintain DORA-compliant systems and frameworks.
Auditors and compliance consultants and could be called upon to carry out DORA compliance audits alongside other audits that you regularly perform for customers. Training now will prepare you for that additional business opportunity.
All courses
For progressive learning, choose from individual courses starting with the Foundation course and moving on to the Practitioner, Lead Auditor or Compliance Officer courses.
For a fast-track to DORA qualifications, choose a combination course.
All courses lead to professional qualifications recognised by HR teams everywhere and that are ISO 17024 certified.
Buying for your business? For a full price list, contact our training experts. There are great discounts for block bookings, in-house training and corporate accounts.
Speak to an expert
DORA: certified training
Single courses
The essential one-day course for all those involved in achieving and maintaining systems to comply with DORA requirements.
Practical working knowledge for financial-sector and tech organisations adjusting to new responsibilities.
Robust and clear guidance for those accountable for ensuring all employees and systems are ready for compliance.
Process-oriented training applying audit skills to DORA in all organisations along the supply chain.
Pragmatic skills and priority-based guidance for those accountable for their organisation’s ongoing compliance.
Combination courses
Our combination courses. C-DORA F is a prerequisite to P, CO and LA. So, the following combination courses provide a 15% discount. Save time and money.
Operational resilience is a success factor: learn how to leverage DORA for process improvement and competitive advantage.
Remits are expanding: get to the ‘what’ and ‘how’ quickly and become certified to steer your organisation with confidence.
Go straight from a broad view of DORA to what it takes to audit for compliance and excellence.
Learn your way with our flexible delivery methods
We want you to learn, qualify and progress, and we are committed to providing learning options for a wide range of scenarios, including deadline-driven, career-orientated, company-wide or interest-led learning.
Instructor-led public courses
Structured learning, with clear direction and guidance from expert practitioners:
- Focused learning
- Delivered by expert practitioners
- Peer support
- In-the-moment insights
Learn more
Self-paced online learning
Learn and absorb material in a way that works for you:
- Study at your own pace
- Cost-effective
- Bite-sized learning
- Fits around you
Learn more
Unique blended learning courses
The most effective learning method for professionals:
- Work around lifestyle challenges
- A more manageable programme
- Tailored, mastery-based learning
- Better learning outcomes
Learn more
In-house and corporate training
Learning as a team and building a culture of awareness:
- Unique to you
- Peace of mind
- Improve teamwork
- Maximise your budget
Learn more
Why choose IT Governance for your training needs
Renowned experts
We are the recognised global leader in the fields that we train in. IT Governance led the world’s first ISO 27001 certification project and introduced the world’s first certified GDPR training. Since then, more than 30,000 professionals have trained with us.
Insider insights
We keep you up to date with breaking news and developments in relevant standards, regulations, best practice and cyber threats, giving you the ‘first to know’ advantage and time to prepare your organisation.
Structured career pathways
We help you navigate a wide range of qualifications to build a career. Through accessible and affordable training and events, you can earn CPD points to empower your professional journey, maintain your qualifications and improve your business impact.
Engaging experiences
Our courses and learning materials are built and delivered by subject-matter experts and innovative instructional design specialists with years of practical, hands-on experience.
More ways to learn
We offer the widest range of learning formats per course than any other training provider, including instructor-led courses, self-paced online training and bespoke courses for organisations. We also offer a unique blended learning method, designed for the digital age, which combines Live Online, self-paced and expert tuition.
Learn to earn
Pay by credit card online or by invoice. If you are personally investing in your career, you can spread the cost with our finance options. Fantastic discounts on books and courses are available for training graduates and corporate partners.
ISO 17024-accredited qualifications
IT Governance delivers a unique and unrivalled portfolio of training courses and examinations leading to ISO 17024-accredited qualifications awarded by IBITGQ, BCS, ISACA®, EC-Council, PeopleCert and Microsoft.
Outstanding quality
Learn better and faster with exceptional course content. Our course material includes extra learning aids, and interactive and practical exercises to help you before, during and after the training so you can put theory into practice with ease.
Pass first time or train again for free
More than 30,000 people have passed exams with our training. Pass first time or train again for free.*
*T&Cs apply.
The elegant solution for DORA compliance
Our unchallenged position as the authority on implementing ISO standards, and cyber security governance, risk and compliance frameworks allows us to adjust and align existing practices to help you achieve DORA compliance efficiently, calmly and ahead of schedule.
We help you develop robust procedures, policies and frameworks without overengineering or reinventing systems. We want you to gain clarity so you can speed up your journey to compliance without DORA becoming a financial and regulatory burden.
Cost-and-time-efficient packages
Operational resilience is a time-sensitive priority. We have created concentrated learning packages with our combination training courses. At IT Governance, we are committed to helping you get where you need to be, faster.
Our corporate packages enable organisations to block-buy training for employees, contractors and even suppliers engaged in DORA implementation projects. In addition, since to obtain compliance you need to show you have plans to maintain compliance, you will want to ensure that you can quickly upskill employees to cover all the required competencies, applying the DORA principle of continual improvement. Plan ahead, maximise your budget and access a range of additional benefits. Talk to us today.
Complete support for DORA compliance
At IT Governance, we provide:
- Training to upskill staff, project teams and those with ongoing accountability;
- Toolkits, including customisable policies and procedures to accelerate implementation;
- Books to deepen your understanding in key areas;
- Consultancy to augment or steer your project teams to compliance efficiently and in sync with existing compliance-related activities; and
- Free resources that help you deepen your understanding, including white papers, articles, and webinars with expert speakers.
For individual career growth, role-specific learning and professional training for teams, we offer a broad range of courses, structured learning pathways and a variety of ways to learn, from instructor-led courses to blended online or self-paced courses.
We also offer simple and fun e-learning courses for staff awareness. These short sessions can be taken online at any time. That’s another way we help you train for new responsibilities and to excel in your role.
FAQs
Combination courses let you take two short courses in one concentrated time block. It saves time by skipping the recap of what was covered in the lead-in course. You can still take the two online exams at the end.
Some combination courses enable those already qualified in a core discipline such as lead auditor to skip the prerequisite courses and reduce the total cost and time of becoming certified in a new area or at a more advanced level.
Yes. You can purchase the exam vouchers separately here.
There is no formal pre-reading. However, reading around DORA before a course will help you absorb the information more easily during the training. There are some great articles in our resource hub and we have a handy guidebook that is a quick pre-read and a good memory prompter after the training.
DORA is a new European framework that focuses on embedding a more robust and resilient approach to delivering digital capabilities in financial markets.
The framework’s purpose is to help financial services companies ensure they can maintain resilient operations through severe operational disruption caused by cyber security and ICT issues.
The DORA risk management framework builds on previous industry-specific guidelines and introduces a single consistent supervisory approach. It aims to harmonise security and resilience practices across financial services companies operating in the EU and their ICT providers.
DORA applies to more than 22,000 financial entities and ICT service providers operating within the EU, as well as the ICT infrastructure supporting them from outside the EU. The Act introduces specific and prescriptive requirements for all financial market participants including (but not limited to) banks, investment companies, insurance undertakings and intermediaries, crypto asset providers, data reporting providers and Cloud service providers.
DORA defines requirements around consistent ICT risk management, comprehensive resilience testing capabilities (including threat-led penetration testing) and third-party risk management, ensuring a consistent provision of services across the entire value chain.
The five key topics at the centre of DORA are:
- ICT risk management;
- Reporting on ICT-related incidents;
- Digital operational resilience testing;
- Management of third-party risk; and
- Information and intelligence sharing.
The Act is unique in introducing an EU-wide oversight framework on critical ICT third-party providers, as designated by the European supervisory authorities.
DORA entered into force on 16 January 2023. With a two-year implementation period, financial entities will be expected to be compliant with the Act by 17 January 2025. Audits and inspections could happen before the compliance deadline and may be conducted by the same auditors that judge compliance with other regulatory standards.
For a summary of all the roles in small and large organisations that will be impacted by DORA, and who could benefit from specific types of training or support, talk to a training expert: we will send you a free infographic and guide.
DORA Training for all stakeholders
Find out more about training for all stakeholders: individuals, teams, consultants and accountable leaders.
Find out more
Got a question? We have the solution
The DORA transition period ends on 17 January 2025. We can help you train staff in all the key competencies needed to demonstrate compliance. Talk to a training expert about the skills you need.